[go: up one dir, main page]

CN106211163B - Method and apparatus for secure networking - Google Patents

Method and apparatus for secure networking Download PDF

Info

Publication number
CN106211163B
CN106211163B CN201610613167.4A CN201610613167A CN106211163B CN 106211163 B CN106211163 B CN 106211163B CN 201610613167 A CN201610613167 A CN 201610613167A CN 106211163 B CN106211163 B CN 106211163B
Authority
CN
China
Prior art keywords
mac address
module
wifi
security module
factory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610613167.4A
Other languages
Chinese (zh)
Other versions
CN106211163A (en
Inventor
俞义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201610613167.4A priority Critical patent/CN106211163B/en
Publication of CN106211163A publication Critical patent/CN106211163A/en
Application granted granted Critical
Publication of CN106211163B publication Critical patent/CN106211163B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and a device for secure networking. The method comprises the following steps: acquiring factory mac address information of a wifi module of equipment, and writing the factory mac address information into a preset security module, wherein the security module is a module requiring authority authentication when information is written; when a connectable wifi network is detected, reading a factory mac address stored in the security module, and acquiring a current mac address of the wifi module; and comparing the current mac address with the outgoing mac address, and judging whether the equipment is unsafe to access the wifi network according to the comparison result. The method and the device can reduce the risk of information leakage caused by equipment networking.

Description

安全联网的方法和装置Method and apparatus for secure networking

技术领域technical field

本发明涉及智能终端技术领域,特别是涉及智能终端安全联网的方法和安全联网的装置。The present invention relates to the technical field of intelligent terminals, in particular to a method and a device for secure networking of an intelligent terminal.

背景技术Background technique

随着智能手机等智能设备的兴起,越来越多的智能设备被用户使用。Wifi技术从兴起依赖,也越来越被广泛使用。随着wifi被人们广泛使用的同时,也导致一些信息泄露等安全问题。以手机为例,由于不同手机上的wifi模块是通过不同的mac地址进行区分的,如果mac地址一样,对于网络而言,则认为是同一个手机。由于手机的wifi模块的mac地址是可以通过一些技术手段进行修改的,因此留下了安全隐患,特别是在公共场合的网络环境下,给联网的手机的用户隐私信息带来较大被劫获的风险。With the rise of smart devices such as smartphones, more and more smart devices are used by users. Wifi technology has been relied on since the rise and has become more and more widely used. With the widespread use of wifi, it also leads to some security issues such as information leakage. Taking a mobile phone as an example, since the wifi modules on different mobile phones are distinguished by different mac addresses, if the mac addresses are the same, for the network, it is considered to be the same mobile phone. Because the mac address of the wifi module of the mobile phone can be modified by some technical means, it leaves a security risk, especially in the network environment in public places, which brings a great deal of hijacking to the user's private information of the connected mobile phone. risks of.

发明内容SUMMARY OF THE INVENTION

基于此,本发明实施例提供了安全联网的方法和装置,能够能够降低设备联网导致信息泄露的风险。Based on this, the embodiments of the present invention provide a method and apparatus for secure networking, which can reduce the risk of information leakage caused by device networking.

本发明一方面提供安全联网的方法,包括:One aspect of the present invention provides a method for secure networking, comprising:

获取设备wifi模块的出厂mac地址信息,将所述出厂mac地址信息写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;Obtain the factory mac address information of the device wifi module, and write the factory mac address information into a preset security module, where the security module is a module that requires authority authentication when writing information;

检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,以及获取wifi模块的当前mac地址;Detecting a connectable wifi network, reading the factory mac address stored in the security module, and obtaining the current mac address of the wifi module;

将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。Compare the current mac address with the factory mac address, and judge whether the device is insecure to access the wifi network according to the comparison result.

本发明另一方面提供一种安全联网的装置,包括:Another aspect of the present invention provides a device for secure networking, comprising:

写入管理模块,用于获取设备wifi模块的出厂mac地址信息,将所述出厂mac地址信息写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;The writing management module is used to obtain the factory mac address information of the device wifi module, and write the factory mac address information into a preset security module, and the security module is a module that requires authority authentication when writing information;

读取管理模块,用于检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,以及获取wifi模块的当前mac地址;The reading management module is used to detect that there is a connectable wifi network, read the factory mac address stored in the security module, and obtain the current mac address of the wifi module;

检测模块,用于将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。The detection module is used to compare the current mac address with the factory mac address, and judge whether the device is unsafe to access the wifi network according to the comparison result.

上述技术方案,通过将设备wifi模块的出厂mac地址信息写入预设的安全模块中,由于该安全模块写入信息时要求权限认证,因此写入其中的mac地址信息不易被篡改;进而通过检测设备wifi模块的当前mac地址与所述安全模块中存储的出厂mac地址,便可确定出设备wifi模块的当前mac地址是否经过了篡改;进而判断设备接入wifi网络是否存在安全风险,由此能够减小设备接入wifi网络导致信息泄露的风险。In the above technical solution, by writing the factory mac address information of the device wifi module into the preset security module, since the security module requires authority authentication when writing information, the mac address information written therein is not easily tampered with; The current mac address of the device wifi module and the factory mac address stored in the security module can determine whether the current mac address of the device wifi module has been tampered with; Reduce the risk of information leakage caused by the device connecting to the wifi network.

附图说明Description of drawings

图1为一实施例的安全联网的方法的示意性流程图;FIG. 1 is a schematic flowchart of a method for secure networking according to an embodiment;

图2为另一实施例的安全联网的方法的示意性流程图;FIG. 2 is a schematic flowchart of a method for secure networking according to another embodiment;

图3为一实施例的安全联网的装置的示意性结构图。FIG. 3 is a schematic structural diagram of a secure networking device according to an embodiment.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

图1为一实施例的安全联网的方法的示意性流程图;如图1所示,本实施例中的安全联网的方法包括步骤:FIG. 1 is a schematic flowchart of a method for secure networking according to an embodiment; as shown in FIG. 1 , the method for secure networking in this embodiment includes steps:

S11,获取设备wifi模块的出厂mac地址信息,将所述出厂mac地址信息写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;S11, obtaining the factory mac address information of the device wifi module, and writing the factory mac address information into a preset security module, where the security module is a module that requires authority authentication when writing information;

在设备出厂时,不同设备的wifi模块分配有不同的mac地址,以便网络能够唯一识别该设备的wifi模块并进行数据连接。以手机为例,由于不同手机上的wifi模块是通过不同的mac地址进行区分的,如果mac地址一样,对于网络而言,则认为是同一个手机。When the device leaves the factory, the wifi modules of different devices are assigned different mac addresses, so that the network can uniquely identify the wifi module of the device and perform data connection. Taking a mobile phone as an example, since the wifi modules on different mobile phones are distinguished by different mac addresses, if the mac addresses are the same, for the network, it is considered to be the same mobile phone.

优选的,若所述设备配置有NFC(Near Field Communication,近场通信)模块,则可将设备的NFC安全元件(secure element,简称SE)作为所述安全模块。NFC的SE可以认为是一张存储卡,可以用来存储一些重要的数据信息,并且修改SE里面的数据需要进行权限认证,因此被非法篡改的可能性较小。Preferably, if the device is configured with an NFC (Near Field Communication, near field communication) module, an NFC secure element (secure element, SE for short) of the device can be used as the security module. The SE of NFC can be considered as a memory card, which can be used to store some important data information, and modifying the data in the SE requires authorization authentication, so it is less likely to be illegally tampered with.

优选的,本发明实施例中可预先在设备中安装一个用于检测联网安全的应用程序,以通过所述应用程序将设备wifi模块的出厂mac地址信息写入预设的安全模块中。Preferably, in this embodiment of the present invention, an application program for detecting network security may be installed in the device in advance, so that the factory mac address information of the device wifi module can be written into the preset security module through the application program.

S12,检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,以及获取wifi模块的当前mac地址;S12, detecting that there is a connectable wifi network, reading the factory mac address stored in the security module, and obtaining the current mac address of the wifi module;

作为另一优选实施方式,本步骤还可以为:按照设定的时间周期读取所述安全模块中存储的出厂mac地址,以及wifi模块的当前mac地址。As another preferred embodiment, this step may also be: reading the factory mac address stored in the security module and the current mac address of the wifi module according to a set time period.

优选的,为了提高效率,可设置为所述应用程序首次运行时,才进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限。若不是首次运行,可直接从所述安全模块中读取到所述出厂mac地址。实际上,所述应用程序首次运行时都是为了将设备wifi模块的出厂mac地址信息写入所述安全模块中,因此作为另一优选实施方式,还可以为:当向所述安全模块写入信息时需要进行权限校验,当需要从所述安全模块读取信息时,可不进行权限校验,以提高读信息的效率。Preferably, in order to improve efficiency, it may be set that permission verification is performed only when the application program runs for the first time, so as to determine whether the application program has the read and write permission of the security module. If it is not running for the first time, the factory mac address can be directly read from the security module. In fact, when the application is run for the first time, the purpose is to write the factory mac address information of the device wifi module into the security module, so as another preferred implementation, it can also be: when writing to the security module Permission verification needs to be performed when information is required, and when information needs to be read from the security module, permission verification may not be performed, so as to improve the efficiency of reading information.

S13,将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。S13, compare the current mac address with the factory mac address, and determine whether it is insecure for the device to access the wifi network according to the comparison result.

本发明实施例中,若比对结果为两者一致,表明wifi模块的当前mac地址没有被非法篡改,可确定为所述设备接入wifi网络安全,因此所述设备的wifi模块可正常接入可连接的网络。若比对结果为两者不一致,则表明wifi模块的当前mac地址可能被非法篡改,因此确定为所述设备接入wifi网络不安全,禁止所述设备的wifi模块接入网络。此时所述设备将无法通过其wifi模块联网,以保证设备中存储的用户信息被泄露。用户需将所述设备交付相应人员进行检测和恢复设置,才能正常联网。In the embodiment of the present invention, if the comparison result is the same, it indicates that the current mac address of the wifi module has not been illegally tampered with, and it can be determined that the device is safe to access the wifi network, so the wifi module of the device can be accessed normally connectable network. If the comparison result is inconsistent, it indicates that the current mac address of the wifi module may be illegally tampered with, so it is determined that the device is unsafe to access the wifi network, and the wifi module of the device is prohibited from accessing the network. At this time, the device will not be able to connect to the Internet through its wifi module, so as to ensure that the user information stored in the device is leaked. The user needs to deliver the device to the corresponding personnel for detection and restoration of settings, so that the network can be connected normally.

本发明实施例的安全联网的方法,通过将设备wifi模块的出厂mac地址信息写入预设的安全模块中,由于该安全模块写入信息时要求权限认证,因此写入其中的mac地址信息不易被篡改;进而通过检测设备wifi模块的当前mac地址与所述安全模块中存储的出厂mac地址,便可确定出设备wifi模块的当前mac地址是否经过了篡改;进而判断设备接入wifi网络是否存在安全风险,由此能够减小设备接入wifi网络导致信息泄露的风险。In the method for secure networking according to the embodiment of the present invention, the factory mac address information of the device wifi module is written into the preset security module. Since the security module requires authority authentication when writing information, it is not easy to write the mac address information therein. tampered; then by detecting the current mac address of the device wifi module and the factory mac address stored in the security module, it can be determined whether the current mac address of the device wifi module has been tampered with; and then determine whether the device accesses the wifi network exists Security risk, thereby reducing the risk of information leakage caused by the device accessing the wifi network.

图2为另一实施例的安全联网的方法的示意性流程图;以配置有NFC模块的设备为例,对本发明安全联网的方法作进一步的说明;其中设备的NFC安全元件即为安全模块。如图2所示,本实施例的安全联网的方法包括步骤:2 is a schematic flowchart of a method for secure networking according to another embodiment; taking a device configured with an NFC module as an example, the method for secure networking of the present invention is further described; the NFC secure element of the device is the security module. As shown in FIG. 2 , the method for secure networking in this embodiment includes the steps:

S21,预先在设备中安装一个用于检测联网安全的应用程序,以通过所述应用程序将设备wifi模块的出厂mac地址信息写入NFC安全元件中;S21, an application program for detecting network security is installed in the device in advance, so that the factory mac address information of the device wifi module is written into the NFC secure element through the application program;

S22,检测所述应用程序是否为首次运行,若是,执行下一步骤,否则,执行步骤;S22, detect whether the application program is running for the first time, if so, execute the next step, otherwise, execute the step;

S23,进行权限校验,以判断所述应用程序是否具有NFC安全元件的读写权限,若权限校验通过,执行下一步骤;否则,禁止所述应用程序将设备wifi模块的出厂mac地址信息写入NFC安全元件中。S23, perform authority verification to determine whether the application program has the read and write authority of the NFC secure element, and if the authority verification passes, execute the next step; otherwise, prohibit the application program from using the factory mac address information of the device wifi module Write to the NFC Secure Element.

本实施例中,权限校验的方式可以是通过连接对应的服务器进行校验,也可以通过密码进行校验。In this embodiment, the authority verification method may be performed by connecting to a corresponding server, or by a password.

S24,初始化所述应用程序,将设备wifi模块的出厂mac地址信息写入NFC安全元件中。S24, initialize the application program, and write the factory mac address information of the device wifi module into the NFC secure element.

S25,检测到有可连接的wifi网络,读取所述NFC安全元件中存储的出厂mac地址,以及获取wifi模块的当前mac地址。S25, it is detected that there is a connectable wifi network, the factory mac address stored in the NFC secure element is read, and the current mac address of the wifi module is obtained.

S26,将当前mac地址与出厂mac地址进行比对,两者是否一致,若是,确定为所述设备接入wifi网络安全,正常联网;否则,确定为所述设备接入wifi网络不安全,禁止所述设备wifi模块联网。S26, compare the current mac address with the factory mac address to see if the two are consistent, and if so, it is determined that the device is connected to the wifi network safely and is connected to the network normally; otherwise, it is determined that the device is unsafe to access the wifi network, prohibiting The device wifi module is networked.

本发明实施例的安全联网的方法,通过将设备wifi模块的出厂mac地址信息写入设备的NFC安全元件中,由于写入NFC安全元件中的mac地址信息不易被篡改;通过检测设备wifi模块的当前mac地址与NFC安全元件中存储的出厂mac地址,便可确定出设备wifi模块的mac地址是否经过了篡改,若经过了篡改,可判断为所述设备存在联网安全风险,禁止设备wifi模块进行联网,由此减小设备中用户信息泄露的风险。In the method for secure networking according to the embodiment of the present invention, the factory mac address information of the device wifi module is written into the NFC secure element of the device, because the mac address information written into the NFC secure element is not easily tampered; The current mac address and the factory mac address stored in the NFC secure element can determine whether the mac address of the device wifi module has been tampered with. Networking, thereby reducing the risk of leakage of user information in the device.

需要说明的是,对于前述的各方法实施例,为了简便描述,将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其它顺序或者同时进行。It should be noted that, for the convenience of description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described action sequence, because Certain steps may be performed in other orders or simultaneously in accordance with the present invention.

基于与上述实施例中的安全联网的方法相同的思想,本发明还提供安全联网的装置,该装置可用于执行上述安全联网的方法。为了便于说明,安全联网的装置实施例的结构示意图中,仅仅示出了与本发明实施例相关的部分,本领域技术人员可以理解,图示结构并不构成对装置的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Based on the same idea as the method for secure networking in the above embodiments, the present invention also provides a device for secure networking, which can be used to execute the above method for secure networking. For convenience of description, in the schematic structural diagram of the embodiment of the device for secure networking, only the part related to the embodiment of the present invention is shown. Those skilled in the art can understand that the illustrated structure does not constitute a limitation on the device, and may include a comparison diagram. more or fewer components are shown, or some components are combined, or a different arrangement of components.

图3为本发明一实施例的安全联网的装置的示意性结构图;如图3所示,本实施例的安全联网的装置包括:写入管理模块310、读取管理模块320以及检测模块330,各模块详述如下:FIG. 3 is a schematic structural diagram of a device for secure networking according to an embodiment of the present invention; as shown in FIG. 3 , the device for secure networking in this embodiment includes: a writing management module 310 , a reading management module 320 and a detection module 330 , each module is detailed as follows:

所述写入管理模块310,用于获取设备wifi模块的出厂mac地址信息,将所述出厂mac地址信息写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;The writing management module 310 is used to obtain the factory mac address information of the device wifi module, and write the factory mac address information into a preset security module, and the security module is a module that requires authority authentication when writing information ;

在设备出厂时,不同设备的wifi模块分配有不同的mac地址,以便网络能够唯一识别该设备的wifi模块并进行数据连接。以手机为例,由于不同手机上的wifi模块是通过不同的mac地址进行区分的,如果mac地址一样,对于网络而言,则认为是同一个手机。When the device leaves the factory, the wifi modules of different devices are assigned different mac addresses, so that the network can uniquely identify the wifi module of the device and perform data connection. Taking a mobile phone as an example, since the wifi modules on different mobile phones are distinguished by different mac addresses, if the mac addresses are the same, for the network, it is considered to be the same mobile phone.

所述读取管理模块320,用于检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,以及获取wifi模块的当前mac地址;The read management module 320 is configured to detect a connectable wifi network, read the factory mac address stored in the security module, and obtain the current mac address of the wifi module;

所述检测模块330,用于将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。The detection module 330 is configured to compare the current mac address with the factory mac address, and judge whether the device is unsafe to access the wifi network according to the comparison result.

优选的,所述检测模块330可具体用于将当前mac地址与出厂mac地址进行比对,若两者不一致,确定为所述设备接入wifi网络不安全,禁止所述设备的wifi模块联网;若两者一致,确定为所述设备接入wifi网络安全,允许所述设备的wifi模块正常接入wifi网络。Preferably, the detection module 330 can be specifically configured to compare the current mac address with the factory mac address, and if the two are inconsistent, it is determined that the device is unsafe to access the wifi network, and the wifi module of the device is prohibited from being connected to the Internet; If the two are consistent, it is determined that it is safe for the device to access the Wi-Fi network, and the Wi-Fi module of the device is allowed to access the Wi-Fi network normally.

作为一优选实施方式,所述安全联网的装置还可包括校验模块(图中未示出),用于进行权限校验,以判断是否具有所述安全模块的读写权限。对应的,所述写入管理模块310,还用于若所述权限校验未通过,则禁止将设备wifi模块的出厂mac地址信息写入所述安全模块中。As a preferred embodiment, the device for secure networking may further include a verification module (not shown in the figure) for performing authority verification to determine whether the security module has read and write authority. Correspondingly, the writing management module 310 is further configured to prohibit writing the factory mac address information of the device wifi module into the security module if the authority verification fails.

优选的,本实施例中所述安全模块指的是所述设备的NFC安全元件。优选的,若所述设备配置有NFC模块,则可将设备的NFC安全元件作为所述安全模块。NFC的SE可以认为是一张存储卡,可以用来存储一些重要的数据信息,并且修改SE里面的数据需要进行权限认证,因此被非法篡改的可能性较小。Preferably, the security module in this embodiment refers to the NFC security element of the device. Preferably, if the device is configured with an NFC module, the NFC secure element of the device can be used as the security module. The SE of NFC can be considered as a memory card, which can be used to store some important data information, and modifying the data in the SE requires authorization authentication, so it is less likely to be illegally tampered with.

本发明实施例的安全联网装置,通过将设备wifi模块的出厂mac地址信息写入预设的安全模块中,由于向所述安全模块写入信息时要求权限认证,因此写入其中的mac地址信息不易被篡改;进而通过检测设备wifi模块的当前mac地址与所述安全模块中存储的mac地址,便可确定出设备wifi模块的mac地址是否经过了篡改,若经过了篡改,可判断为所述设备接入wifi网络存在安全风险,进而可有效减小设备接入wifi网络导致信息泄露的风险。In the secure networking device according to the embodiment of the present invention, the factory mac address information of the device wifi module is written into the preset security module. Since authority authentication is required when writing information to the security module, the mac address information is written into the security module. It is not easy to be tampered with; and then by detecting the current mac address of the device wifi module and the mac address stored in the security module, it can be determined whether the mac address of the device wifi module has been tampered with, and if it has been tampered, it can be determined that the There is a security risk when a device is connected to a Wi-Fi network, which can effectively reduce the risk of information leakage caused by the device's access to the Wi-Fi network.

需要说明的是,上述示例的安全联网的装置的实施方式中,各模块/单元之间的信息交互、执行过程等内容,由于与本发明前述方法实施例基于同一构思,其带来的技术效果与本发明前述方法实施例相同,具体内容可参见本发明方法实施例中的叙述,此处不再赘述。It should be noted that, in the implementation of the secure networking device in the above example, the information exchange and execution process among the modules/units are based on the same concept as the foregoing method embodiments of the present invention, and the technical effects brought about by them are based on the same concept. The same as the foregoing method embodiments of the present invention, the specific content can be referred to the descriptions in the method embodiments of the present invention, and details are not repeated here.

此外,上述示例的安全联网的装置的实施方式中,各功能模块的逻辑划分仅是举例说明,实际应用中可以根据需要,例如出于相应硬件的配置要求或者软件的实现的便利考虑,将上述功能分配由不同的功能模块完成,即将所述安全联网的装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。其中各功能模既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。In addition, in the implementation of the secure networking device in the above example, the logical division of each functional module is only an example, and in practical applications, the above-mentioned configuration may be required according to needs, for example, for the convenience of the configuration requirements of the corresponding hardware or the realization of the software. The function distribution is completed by different function modules, that is, the internal structure of the secure networked device is divided into different function modules, so as to complete all or part of the functions described above. Each function module can be realized in the form of hardware or in the form of software function modules.

本领域普通技术人员可以理解,实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,作为独立的产品销售或使用。所述程序在执行时,可执行如上述各方法的实施例的全部或部分步骤。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-OnlyMemory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be completed by instructing the relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium as a Standalone product for sale or use. When the program is executed, all or part of the steps in the foregoing method embodiments can be performed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like.

在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其它实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference may be made to the relevant descriptions of other embodiments.

以上所述实施例仅表达了本发明的几种实施方式,不能理解为对本发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本发明构思的前提下,还可以做出若干变形和改进,这些都属于本发明的保护范围。因此,本发明专利的保护范围应以所附权利要求为准。The above-mentioned embodiments only represent several embodiments of the present invention, and should not be construed as limiting the patent scope of the present invention. It should be pointed out that for those of ordinary skill in the art, without departing from the concept of the present invention, several modifications and improvements can also be made, which all belong to the protection scope of the present invention. Therefore, the protection scope of the patent of the present invention shall be subject to the appended claims.

Claims (10)

1.一种安全联网的方法,其特征在于,包括:1. A method for secure networking, comprising: 获取设备wifi模块的出厂mac地址,将所述出厂mac地址写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;Obtain the factory mac address of the device wifi module, and write the factory mac address into a preset security module, where the security module is a module that requires authority authentication when writing information; 检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,并获取wifi模块的当前mac地址;Detecting a connectable wifi network, reading the factory mac address stored in the security module, and obtaining the current mac address of the wifi module; 将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。Compare the current mac address with the factory mac address, and judge whether the device is insecure to access the wifi network according to the comparison result. 2.根据权利要求1所述的安全联网的方法,其特征在于,根据比对结果判断所述设备接入wifi网络是否不安全的步骤包括:2. The method for secure networking according to claim 1, wherein the step of judging whether the device is unsafe to access the wifi network according to the comparison result comprises: 若两者不一致,确定为所述设备接入wifi网络不安全,禁止设备的wifi模块联网。If the two are inconsistent, it is determined that it is not safe for the device to access the wifi network, and the wifi module of the device is prohibited from being connected to the Internet. 3.根据权利要求1所述的安全联网的方法,其特征在于,获取设备wifi模块的出厂mac地址信息,将所述出厂mac地址信息写入预设的安全模块中的步骤之前还包括:3. The method for secure networking according to claim 1, wherein the step of obtaining the factory mac address information of the device wifi module, and writing the factory mac address information into the preset security module further comprises: 预设用于检测联网安全的应用程序,以通过所述应用程序将设备wifi模块的出厂mac地址信息写入预设的安全模块中;Preset an application program for detecting network security, so as to write the factory mac address information of the device wifi module into the preset security module through the application program; 以及,进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限。And, performing permission verification to determine whether the application program has the read and write permission of the security module. 4.根据权利要求3所述的安全联网的方法,其特征在于,进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限的步骤包括:4. The method for secure networking according to claim 3, wherein the step of performing authority verification to determine whether the application program has the read and write authority of the security module comprises: 检测所述应用程序是否为首次运行;若是,进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限。Detect whether the application program is running for the first time; if so, perform permission verification to determine whether the application program has the read and write permission of the security module. 5.根据权利要求3或4所述的安全联网的方法,其特征在于,进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限的步骤包括:5. The method for secure networking according to claim 3 or 4, wherein the step of performing authority verification to judge whether the application program has the read and write authority of the security module comprises: 若检测到写入信息到所述安全模块的请求,则进行权限校验,以判断所述应用程序是否具有所述安全模块的读写权限。If a request for writing information to the security module is detected, permission verification is performed to determine whether the application program has the read and write permission of the security module. 6.根据权利要求3或4所述的安全联网的方法,其特征在于,还包括:6. The method for secure networking according to claim 3 or 4, characterized in that, further comprising: 若所述权限校验未通过,禁止所述应用程序将设备wifi模块的出厂mac地址信息写入所述安全模块中。If the permission check fails, the application is prohibited from writing the factory mac address information of the device wifi module into the security module. 7.根据权利要求1-4任一所述的安全联网的方法,其特征在于,所述安全模块为所述设备的NFC安全元件。7. The method for secure networking according to any one of claims 1-4, wherein the security module is an NFC secure element of the device. 8.一种安全联网的装置,其特征在于,包括:8. A device for secure networking, comprising: 写入管理模块,用于获取设备wifi模块的出厂mac地址,将所述出厂mac地址写入预设的安全模块中,所述安全模块为写入信息时要求权限认证的模块;The writing management module is used to obtain the factory mac address of the device wifi module, and write the factory mac address into a preset security module, where the security module is a module that requires authority authentication when writing information; 读取管理模块,用于检测到有可连接的wifi网络,读取所述安全模块中存储的出厂mac地址,以及获取wifi模块的当前mac地址;The reading management module is used to detect that there is a connectable wifi network, read the factory mac address stored in the security module, and obtain the current mac address of the wifi module; 检测模块,用于将当前mac地址与出厂mac地址进行比对,根据比对结果判断所述设备接入wifi网络是否不安全。The detection module is used to compare the current mac address with the factory mac address, and judge whether the device is unsafe to access the wifi network according to the comparison result. 9.根据权利要求8所述的安全联网的装置,其特征在于,所述检测模块,用于将当前mac地址与出厂mac地址进行比对,若两者不一致,确定为所述设备接入wifi网络不安全,禁止所述设备的wifi模块联网。9 . The device for secure networking according to claim 8 , wherein the detection module is used to compare the current mac address with the factory mac address, and if the two are inconsistent, it is determined that the device is connected to wifi 9 . The network is not secure, and the wifi module of the device is prohibited from being connected to the Internet. 10.根据权利要求8所述的安全联网的装置,其特征在于,还包括:10. The device for secure networking according to claim 8, further comprising: 校验模块,用于进行权限校验,以判断是否具有所述安全模块的读写权限;a verification module, used to perform authority verification to determine whether the security module has read and write authority; 所述写入管理模块,还用于若所述权限校验未通过,禁止将设备wifi模块的出厂mac地址信息写入所述安全模块中。The writing management module is further configured to prohibit writing the factory mac address information of the device wifi module into the security module if the authority verification fails.
CN201610613167.4A 2016-07-29 2016-07-29 Method and apparatus for secure networking Active CN106211163B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610613167.4A CN106211163B (en) 2016-07-29 2016-07-29 Method and apparatus for secure networking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610613167.4A CN106211163B (en) 2016-07-29 2016-07-29 Method and apparatus for secure networking

Publications (2)

Publication Number Publication Date
CN106211163A CN106211163A (en) 2016-12-07
CN106211163B true CN106211163B (en) 2019-08-16

Family

ID=57496893

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610613167.4A Active CN106211163B (en) 2016-07-29 2016-07-29 Method and apparatus for secure networking

Country Status (1)

Country Link
CN (1) CN106211163B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632107A (en) * 2017-12-29 2018-10-09 研祥智能科技股份有限公司 MAC Address of Network Card detection method and device
CN111954164B (en) * 2020-07-24 2021-09-24 深圳创维数字技术有限公司 Device distribution network method, device and computer-readable storage medium
CN114167804B (en) * 2021-11-10 2024-12-20 汤臣智能科技(深圳)有限公司 Authentication method and system for PLC encryption program
CN119110283B (en) * 2024-10-17 2026-02-03 中国电信股份有限公司 Data transmission system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043330A (en) * 2006-06-22 2007-09-26 华为技术有限公司 Apparatus and method for preventing MAC address from passing-off
CN101213817A (en) * 2005-06-30 2008-07-02 艾利森电话股份有限公司 Mapping from an endpoint's original MAC address to a unique locally administered virtual MAC address
CN101415012A (en) * 2008-11-06 2009-04-22 杭州华三通信技术有限公司 Method and system for defending address analysis protocol message aggression
CN101895587A (en) * 2010-07-06 2010-11-24 中兴通讯股份有限公司 Method, device and system for preventing users from modifying IP addresses privately
CN102982264A (en) * 2012-12-24 2013-03-20 上海斐讯数据通信技术有限公司 Method for protecting embedded type device software
CN105335147A (en) * 2014-08-11 2016-02-17 联想(北京)有限公司 Information processing method and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7191331B2 (en) * 2002-06-13 2007-03-13 Nvidia Corporation Detection of support for security protocol and address translation integration

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101213817A (en) * 2005-06-30 2008-07-02 艾利森电话股份有限公司 Mapping from an endpoint's original MAC address to a unique locally administered virtual MAC address
CN101043330A (en) * 2006-06-22 2007-09-26 华为技术有限公司 Apparatus and method for preventing MAC address from passing-off
CN101415012A (en) * 2008-11-06 2009-04-22 杭州华三通信技术有限公司 Method and system for defending address analysis protocol message aggression
CN101895587A (en) * 2010-07-06 2010-11-24 中兴通讯股份有限公司 Method, device and system for preventing users from modifying IP addresses privately
CN102982264A (en) * 2012-12-24 2013-03-20 上海斐讯数据通信技术有限公司 Method for protecting embedded type device software
CN105335147A (en) * 2014-08-11 2016-02-17 联想(北京)有限公司 Information processing method and electronic equipment

Also Published As

Publication number Publication date
CN106211163A (en) 2016-12-07

Similar Documents

Publication Publication Date Title
TWI636412B (en) Verification method, terminal and system for application program
CN107077546B (en) System and method for updating hold factor credentials
US9843930B2 (en) Trusted execution environment initialization method and mobile terminal
US11978053B2 (en) Systems and methods for estimating authenticity of local network of device initiating remote transaction
US20140282992A1 (en) Systems and methods for securing the boot process of a device using credentials stored on an authentication token
US20170331818A1 (en) Systems and methods for location-restricting one-time passcodes
CN106211163B (en) Method and apparatus for secure networking
CN105653979A (en) Code injection based privacy information protection method
US9882931B1 (en) Systems and methods for detecting potentially illegitimate wireless access points
WO2015048418A1 (en) Application authentication checking system
US9235696B1 (en) User authentication using a portable mobile device
WO2017076051A1 (en) Method and apparatus for acquiring superuser permission
WO2019037521A1 (en) Security detection method, device, system, and server
CN104836777B (en) Identity verification method and system
WO2015078247A1 (en) Method, apparatus and terminal for monitoring phishing
CN105827583A (en) Method and device for access to mobile data network
CN104639519B (en) A verification method and device
CN104994501A (en) Connection method of wireless network and terminal equipment
CN103607508B (en) The management method of a kind of authority, device and mobile phone terminal
CN112787994B (en) Method, device, device, and storage medium for processing device ID of electronic device
CN106357876A (en) Data display method of mobile terminal and device
CN104518871A (en) Network platform and method for performing self-service authentication on mobile storage equipment
CN110061988B (en) Authentication method of embedded equipment, service server and storage medium
CN104022874A (en) Method for information processing and electronic equipment
US11122040B1 (en) Systems and methods for fingerprinting devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant after: OPPO Guangdong Mobile Communications Co., Ltd.

Address before: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Applicant before: Guangdong OPPO Mobile Communications Co., Ltd.

GR01 Patent grant
GR01 Patent grant